diff options
-rw-r--r-- | source3/include/ntlmssp_wrap.h | 4 | ||||
-rw-r--r-- | source3/librpc/crypto/cli_spnego.c | 5 | ||||
-rw-r--r-- | source3/libsmb/clifsinfo.c | 5 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_wrap.c | 7 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 7 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_ntlmssp.c | 4 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 4 | ||||
-rw-r--r-- | source3/smbd/seal.c | 15 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 14 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 23 |
10 files changed, 41 insertions, 47 deletions
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index bfbfdebd26..71fa3b7370 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -72,10 +72,6 @@ void auth_ntlmssp_want_feature(struct auth_ntlmssp_state *ans, uint32_t feature) DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx); -NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, - TALLOC_CTX *mem_ctx, - const DATA_BLOB request, DATA_BLOB *reply); - NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx, struct auth_ntlmssp_state **_ans); NTSTATUS auth_ntlmssp_client_start(struct auth_ntlmssp_state *ans); diff --git a/source3/librpc/crypto/cli_spnego.c b/source3/librpc/crypto/cli_spnego.c index 4742158b24..db03fdc852 100644 --- a/source3/librpc/crypto/cli_spnego.c +++ b/source3/librpc/crypto/cli_spnego.c @@ -24,6 +24,7 @@ #include "auth/ntlmssp/ntlmssp.h" #include "librpc/crypto/gse.h" #include "librpc/crypto/spnego.h" +#include "auth/gensec/gensec.h" static NTSTATUS spnego_context_init(TALLOC_CTX *mem_ctx, bool do_sign, bool do_seal, @@ -213,8 +214,8 @@ NTSTATUS spnego_get_client_auth_token(TALLOC_CTX *mem_ctx, case SPNEGO_NTLMSSP: ntlmssp_ctx = sp_ctx->mech_ctx.ntlmssp_state; - status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, - token_in, &token_out); + status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL, + token_in, &token_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { mech_wants_more = true; diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index b312cfbd48..fa8dba5fbd 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -27,6 +27,7 @@ #include "smb_crypt.h" #include "trans2.h" #include "ntlmssp_wrap.h" +#include "auth/gensec/gensec.h" /**************************************************************************** Get UNIX extensions version info. @@ -637,8 +638,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, } do { - status = auth_ntlmssp_update(es->s.auth_ntlmssp_state, es->s.auth_ntlmssp_state, - blob_in, &blob_out); + status = gensec_update(es->s.auth_ntlmssp_state->gensec_security, es->s.auth_ntlmssp_state, + NULL, blob_in, &blob_out); data_blob_free(&blob_in); data_blob_free(¶m_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c index 3d1d099a58..af5f2c9f68 100644 --- a/source3/libsmb/ntlmssp_wrap.c +++ b/source3/libsmb/ntlmssp_wrap.c @@ -127,13 +127,6 @@ DATA_BLOB auth_ntlmssp_get_session_key(struct auth_ntlmssp_state *ans, TALLOC_CT } } -NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, - TALLOC_CTX *mem_ctx, - const DATA_BLOB request, DATA_BLOB *reply) -{ - return gensec_update(ans->gensec_security, mem_ctx, NULL, request, reply); -} - static NTSTATUS gensec_ntlmssp3_client_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, struct tevent_context *ev, diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 94e4a5106f..9af351b274 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -34,6 +34,7 @@ #include "rpc_dce.h" #include "cli_pipe.h" #include "libsmb/libsmb.h" +#include "auth/gensec/gensec.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_CLI @@ -1048,7 +1049,7 @@ static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli, struct auth_ntlmssp_state); DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); - status = auth_ntlmssp_update(ntlmssp_ctx, mem_ctx, null_blob, auth_token); + status = gensec_update(ntlmssp_ctx->gensec_security, mem_ctx, NULL, null_blob, auth_token); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { data_blob_free(auth_token); @@ -1773,8 +1774,8 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) case DCERPC_AUTH_TYPE_NTLMSSP: ntlmssp_ctx = talloc_get_type_abort(pauth->auth_ctx, struct auth_ntlmssp_state); - status = auth_ntlmssp_update(ntlmssp_ctx, state, - auth.credentials, &auth_token); + status = gensec_update(ntlmssp_ctx->gensec_security, state, NULL, + auth.credentials, &auth_token); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { status = rpc_bind_next_send(req, state, diff --git a/source3/rpc_server/dcesrv_ntlmssp.c b/source3/rpc_server/dcesrv_ntlmssp.c index 04dd9e6521..dcbfafb1c2 100644 --- a/source3/rpc_server/dcesrv_ntlmssp.c +++ b/source3/rpc_server/dcesrv_ntlmssp.c @@ -59,7 +59,7 @@ NTSTATUS ntlmssp_server_auth_start(TALLOC_CTX *mem_ctx, return status; } - status = auth_ntlmssp_update(a, mem_ctx, *token_in, token_out); + status = gensec_update(a->gensec_security, mem_ctx, NULL, *token_in, token_out); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(0, (__location__ ": auth_ntlmssp_update failed: %s\n", nt_errstr(status))); @@ -88,7 +88,7 @@ NTSTATUS ntlmssp_server_step(struct auth_ntlmssp_state *ctx, /* this has to be done as root in order to verify the password */ become_root(); - status = auth_ntlmssp_update(ctx, mem_ctx, *token_in, token_out); + status = gensec_update(ctx->gensec_security, mem_ctx, NULL, *token_in, token_out); unbecome_root(); return status; diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 89ef52c6e8..a0ed52d659 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -208,8 +208,8 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) if (NT_STATUS_IS_OK(status)) { status = auth_generic_start(auth_ntlmssp_state, GENSEC_OID_SPNEGO); if (NT_STATUS_IS_OK(status)) { - status = auth_ntlmssp_update(auth_ntlmssp_state, ctx, - data_blob_null, &blob); + status = gensec_update(auth_ntlmssp_state->gensec_security, ctx, + NULL, data_blob_null, &blob); /* If we get the list of OIDs, the 'OK' answer * is NT_STATUS_MORE_PROCESSING_REQUIRED */ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index f68b6c7a8f..73efc6ceff 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -28,6 +28,7 @@ #include "auth.h" #include "libsmb/libsmb.h" #include "../lib/tsocket/tsocket.h" +#include "auth/gensec/gensec.h" /****************************************************************************** Server side encryption. @@ -488,9 +489,9 @@ static NTSTATUS srv_enc_ntlm_negotiate(const struct tsocket_address *remote_addr return status; } - status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, - talloc_tos(), - secblob, &chal); + status = gensec_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state->gensec_security, + talloc_tos(), NULL, + secblob, &chal); /* status here should be NT_STATUS_MORE_PROCESSING_REQUIRED * for success ... */ @@ -613,7 +614,7 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } - status = auth_ntlmssp_update(ec->auth_ntlmssp_state, talloc_tos(), auth, &auth_reply); + status = gensec_update(ec->auth_ntlmssp_state->gensec_security, talloc_tos(), NULL, auth, &auth_reply); data_blob_free(&auth); /* From RFC4178. @@ -683,9 +684,9 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn, } /* Second step. */ - status = auth_ntlmssp_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state, - talloc_tos(), - blob, &response); + status = gensec_update(partial_srv_trans_enc_ctx->auth_ntlmssp_state->gensec_security, + talloc_tos(), NULL, + blob, &response); if (NT_STATUS_IS_OK(status)) { /* Return the context we're using for this encryption state. */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index a5f2030ee5..7729ff675b 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -644,8 +644,8 @@ static void reply_spnego_negotiate(struct smb_request *req, return; } - status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), - secblob, &chal); + status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(), + NULL, secblob, &chal); data_blob_free(&secblob); @@ -757,8 +757,8 @@ static void reply_spnego_auth(struct smb_request *req, } } - status = auth_ntlmssp_update(*auth_ntlmssp_state, talloc_tos(), - auth, &auth_reply); + status = gensec_update((*auth_ntlmssp_state)->gensec_security, talloc_tos(), + NULL, auth, &auth_reply); data_blob_free(&auth); @@ -1171,9 +1171,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) } } - status = auth_ntlmssp_update(vuser->auth_ntlmssp_state, - talloc_tos(), - blob1, &chal); + status = gensec_update(vuser->auth_ntlmssp_state->gensec_security, + talloc_tos(), NULL, + blob1, &chal); data_blob_free(&blob1); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index aa898eaad7..059b26f0bf 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -388,10 +388,10 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session, goto out; } - status = auth_ntlmssp_update(session->auth_ntlmssp_state, - talloc_tos(), - secblob_in, - &chal_out); + status = gensec_update(session->auth_ntlmssp_state->gensec_security, + talloc_tos(), NULL, + secblob_in, + &chal_out); } if (!NT_STATUS_IS_OK(status) && @@ -582,9 +582,10 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, } } - status = auth_ntlmssp_update(session->auth_ntlmssp_state, - talloc_tos(), auth, - &auth_out); + status = gensec_update(session->auth_ntlmssp_state->gensec_security, + talloc_tos(), NULL, + auth, + &auth_out); /* If status is NT_STATUS_OK then we need to get the token. * Map to guest is now internal to auth_ntlmssp */ if (NT_STATUS_IS_OK(status)) { @@ -661,10 +662,10 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, } /* RAW NTLMSSP */ - status = auth_ntlmssp_update(session->auth_ntlmssp_state, - smb2req, - in_security_buffer, - out_security_buffer); + status = gensec_update(session->auth_ntlmssp_state->gensec_security, + smb2req, NULL, + in_security_buffer, + out_security_buffer); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { *out_session_id = session->vuid; |